Using MFA Delete

If a bucket's versioning configuration is MFA Delete–enabled, the bucket
owner must include the x-amz-mfa request header in
requests to permanently delete an object version or change the versioning state
of the bucket. Requests that include x-amz-mfa must use
HTTPS. The header's value is the concatenation of your authentication device's
serial number, a space, and the authentication code displayed on it. If you do
not include this request header, the request fails.

The following example shows how to delete
my-image.jpg (with the specified version), which is
in a bucket configured with MFA Delete enabled. Note the space between
[SerialNumber] and
[AuthenticationCode]. For more information,
see DELETE
Object.